
Routing between VLANs using a Linux Server

To begin working with VLANs, it is necessary to know how they work, that is, to know the basic definitions and how to operate in an environment that uses VLANs.

The operation of VLANs becomes more interesting when combined with trunk lines that allow the multiplexing of multiple VLANs via a single link.

Trunk Link


Each frame that comes from the trunk is tagged with a VLAN ID (VLAN identifier), so that devices deliver the frame only to the VLANs to which it belongs.


Trunk ports can be configured between two switches, between a switch and a router, or between a switch and a computer that supports trunking (via IEEE 802.1Q). On the computer, each VLAN is treated as if it were a different interface. An important thing to remember is that all VLANs running on this physical interface share the same bandwidth, so if the link works at 100 Mbps, that bandwidth is shared by all the VLAN interfaces.
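The tagging and per-VLAN delivery described above can be seen in a small model, added here as an example (it is not code from the original post and not the kernel's implementation). It parses the 802.1Q tag of a frame and picks the interface the frame would be delivered to, assuming the eth0.N naming and VLANs 2 to 4 used in this page's configuration; the MAC addresses and sample frames are constructed.

```python
import struct

TPID_8021Q = 0x8100            # EtherType value that marks an 802.1Q tag
CONFIGURED_VLANS = {2, 3, 4}   # assumption: the VLANs this page adds on eth0


def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet frame into its VLAN tag fields and inner EtherType."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        # No tag present: the frame is untagged traffic on the trunk.
        return {"vid": None, "pcp": 0, "dei": 0,
                "ethertype": ethertype, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", frame[14:18])
    return {"vid": tci & 0x0FFF,        # 12-bit VLAN ID
            "dei": (tci >> 12) & 0x1,   # drop eligible indicator
            "pcp": tci >> 13,           # 3-bit priority code point
            "ethertype": inner, "payload": frame[18:]}


def ingress_interface(frame: bytes, trunk: str = "eth0"):
    """Return the interface a frame is delivered to, or None if it is dropped."""
    vid = parse_frame(frame)["vid"]
    if vid in (None, 0):
        return trunk                    # untagged or priority-tagged (VID 0)
    if vid in CONFIGURED_VLANS:
        return f"{trunk}.{vid}"         # e.g. eth0.3
    return None                         # tagged for a VLAN with no subinterface


def build_frame(vid, payload=b"\x00" * 46, pcp=0):
    """Constructed sample frame: made-up MAC addresses, IPv4 EtherType."""
    dst, src = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return dst + src + tag + struct.pack("!H", 0x0800) + payload


if __name__ == "__main__":
    for vid in (2, 3, 5, None):
        print(vid, "->", ingress_interface(build_frame(vid)))
```

A frame tagged for VLAN 5 maps to no interface in this model because only VLANs 2 to 4 have subinterfaces on the trunk.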

Linux and VLANs

Linux has long supported VLANs and trunking: early versions needed a kernel patch, and trunking is supported from version 2.6.

Linux patches are available online for a variety of network cards; however, current Linux distributions come already prepared for such implementations.

Settings on a Linux Router for multiple VLANs

Configuring a Linux Router for multiple VLANs is very similar to configuring regular physical cards; the only difference is that you must indicate the physical interface to which each VLAN is being added. For this you use the vconfig command.

For this example, three interfaces are created on the Linux Router, numbered 2 to 4. The Linux Server's eth0 port is connected to a trunk port of the switch, which allows communication between multiple VLANs, as shown in the following image.
VLAN Router Linux

The commands to perform the configuration on the Linux Router for multiple VLANs are:

linux-7o72:~ # vconfig add eth0 2
linux-7o72:~ # vconfig add eth0 3
linux-7o72:~ # vconfig add eth0 4


You also need to set the network address of each of the new interfaces:

ifconfig eth0.2 172.16.2.1 netmask 255.255.255.0 broadcast 172.16.2.255
ifconfig eth0.3 172.16.3.1 netmask 255.255.255.0 broadcast 172.16.3.255
ifconfig eth0.4 172.16.4.1 netmask 255.255.255.0 broadcast 172.16.4.255

The "vconfig" command can set a number of additional parameters, such as the VLAN name, but for this example we will use the minimum parameters needed for operation. Once you have defined the virtual interfaces, you can display their data with the command "ifconfig -a", as is done with virtual interfaces.

This configuration is not permanent; that is, once the computer is restarted, all the work will be lost. When you require it to be permanent, you can create a script like this:

#!/bin/bash
## Script creating multiple VLANs on a Linux Router ##

# Creating VLANs
vconfig add eth0 2
vconfig add eth0 3
vconfig add eth0 4

# Assigning IP addresses to the VLAN interfaces
ifconfig eth0.2 172.16.2.1 netmask 255.255.255.0 broadcast 172.16.2.255
ifconfig eth0.3 172.16.3.1 netmask 255.255.255.0 broadcast 172.16.3.255
ifconfig eth0.4 172.16.4.1 netmask 255.255.255.0 broadcast 172.16.4.255

# Enable routing on Linux #
echo "1" > /proc/sys/net/ipv4/ip_forward

echo "All interfaces are created!"

Thus we have a Linux Router for multiple VLANs. Next, it is necessary to configure the PCs; this example only describes the configuration of the PC with address 172.16.2.10.

Network Card


TCP/IP Properties


Configuration on the switch

For this example we will use a Cisco WS-C2950G-24TS switch because, as everyone knows, the settings vary according to the make and model. However, this would work for any brand, so long as the switch allows creating VLANs. (This part requires a switch that is manageable and supports the creation of VLANs.)

The necessary settings on the switch are:

Sw1# configure terminal
Sw1(config)# interface G0/1
Sw1(config-if)# switchport mode trunk
Sw1(config-if)# switchport trunk encapsulation dot1q
Sw1(config-if)# exit

Interface range settings


    Interfaces    VLAN or Subnet
    F0/1 – 8      VLAN 2
    F0/9 – 16     VLAN 3
    F0/17 – 24    VLAN 4
 

Sw1(config)# interface range f0/1 - 8
Sw1(config-if)#  switchport mode access
Sw1(config-if)#  switchport access vlan 2

Sw1(config)# interface range f0/9 - 16
Sw1(config-if)#  switchport mode access
Sw1(config-if)#  switchport access vlan 3

Sw1(config)# interface range f0/17 - 24
Sw1(config-if)#  switchport mode access
Sw1(config-if)#  switchport access vlan 4

VLAN Router Linux IP

All that remains is to test the network by pinging from the PC with IP address 172.16.2.10 to the PC with IP address 172.16.3.10.
